您的位置:360文档中心› 实验17 路由器接口PPP 协议封装和PAP、CHAP 验证配置(改写).pdf

实验17 路由器接口PPP 协议封装和PAP、CHAP 验证配置(改写).pdf

实验19路由器接口PPP协议封装和PAP、CHAP验证配置

【背景知识】

教材1.7.4及4.4.4-4.4.5内容。掌握PPP协议的封装结构及PAP、CHAP的认证原理和认

证过程,掌握PAP和CHAP认证的区别。

PAP CHAP

认证时由用户发起认证时由服务器发起

用户名、密码明文传送用 MD5 算法加密传送

次数无限,直至认证成功或线路关闭为止次数有限(一般为 3 次)

认证通过后不再进行验证认证通过后定时再验证

安全性低安全性很高

【实验拓扑】

图8-23给出了实验线路连接,实验时使用Cisco Packet Tracer5.2完成拓扑结构搭建。

注意连接线路时,不要使用Packet Tracer中的自动选择线缆类型方式进行连接,而要自己

选择合适的线缆进行连接,否则拓扑连接容易出错。

图8-23实验19线路连接图

【实验内容】

(1) 选择两台C2811 路由器,分别关闭电源后添加WIC-2T 模块,添加位置为插槽0/接口适

配器0(提示:在4个插槽中右下角的位置)。开启电源之后使用Serial 电缆将两台路由器

的Serial0/0/0 接口进行连接,连接时使得C2811B 为DCE 端、C2811A 为DTE 端,即选择

带时钟标记的串行线先连C2811B,然后再连C2811A。

电源开关,

用鼠标点击

图8.22 WIC-2T 模块安装位置可开关

【提示1】图8.22所示界面,可以单击某台路由器的图标,然后在弹出的框中选择“Physical”

选项卡,接着在左侧一栏中选择WIC-2T,最后按住鼠标左键不变拖动到对应的适配器即可。

【提示2】在选择线缆时,用串行线旁边带时钟符号的线先连接C2811B,那么C2811B即为DCE

端,线另外一头所连接的路由器C2811A就是DTE;反之,亦成立。

1

(2) 参阅教材4.4.4 中内容,配置C2811A 的Serial0/0/0 接口的IP 地址192.168.1.1/24 和二层封装协议为PPP。配置C2811B 的Serial0/0/0 接口的IP 地址192.168.1.2/24和

二层封装协议为PPP。

以下为C2811A的配置,配置如下:

Router>enable

Router#config t

Router(config)#hostname LuoC2811A//简写 ho LuoC2811A

LuoC2811A(config)#interface serial 0/0/0 //简写 int s0/0/0

LuoC2811A(config-if)#ip address 192.168.1.1 255.255.255.0 //简写ip addr

LuoC2811A(config-if)#encapsulation ppp//简写enc pp

LuoC2811A(config-if)#no shutdown//简写no shut

【提示】C2811B的配置与C2811A的配置类似,此处省略。

(3) 完成以上配置之后,分别在两台路由器上使用show interface Serial 0/0/0 查看接口信息,注意接口状态(指up还是down)、接口封装协议。在路由器上相互ping 对方IP地址,看能否ping通,并解释其原因。

LuoC2811A#show interface serial 0/0/0//查看接口状态信息

Serial0/0/0 is up, line protocol is up (connected)

Hardware is HD64570

Internet address is 192.168.1.1/24

MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, loopback not set, keepalive set (10 sec)

LCP Open

Open: IPCP, CDPCP

Last input never, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0 (size/max/drops); Total output drops:

0 Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations 0/0/256 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 1158 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

0 packets output, 0 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 output buffer failures, 0 output buffers swapped out

2

0 carrier transitions

DCD=up DSR=up DTR=up RTS=up CTS=up

LuoC2811A#ping 192.168.1.2//ping 对方的IP地址

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

【提示1】注意红色框中信息,两个up的代表的含义和封装信

息。【提示2】此处显示为ping通。【提示3】C2811B的配置

与C2811A的配置类似,此处省略。

【提示4】理论上,如果还没有配置时钟频率,此时两台路由器的s0/0/0端口是不能相互ping 通的。现在不配置时钟频率也能相互ping通,是由于模拟器缺省情况下就给串行端口配置了时钟频率。大家日后在配置实际的路由器时,要注意此一点。

(4) 为查看接口是DCE还是DTE类型,用show controllers serial 0/0/0命令。根据查看到的接口类型,在DCE接口上配置时钟频率。如若物理连线正确的,C2811B 上的串行口0/0/0

属于DCE,应该配置接口时钟频率。

LuoC2811B#show controllers serial 0/0/0 //查看是DCE还是DTE接口

Interface Serial0/0/0

Hardware is PowerQUICC MPC860

DCE V.35, clock rate 2000000

idb at 0x81081AC4, driver data structure at 0x81084AC0

SCC Registers:

General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8 Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers:

Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000

Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000 Command register [CR]=0x580

Port A [PADIR]=0x1030, [PAPAR]=0xFFFF

[PAODR]=0x0010, [PADAT]=0xCBFF

Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E

[PBODR]=0x00000, [PBDAT]=0x3FFFD

Port C [PCDIR]=0x00C, [PCPAR]=0x200

[PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F

Receive Ring

rmd(68012830): status 9000 length 60C address 3B6DAC4

rmd(68012838): status B000 length 60C address 3B6D444 Transmit Ring

3

tmd(680128B0): status 0 length 0 address 0

tmd(680128B8): status 0 length 0 address 0

tmd(680128C0): status 0 length 0 address 0

tmd(680128C8): status 0 length 0 address 0

tmd(680128D0): status 0 length 0 address 0

tmd(680128D8): status 0 length 0 address 0

tmd(680128E0): status 0 length 0 address 0

tmd(680128E8): status 0 length 0 address 0

tmd(680128F0): status 0 length 0 address 0

tmd(680128F8): status 0 length 0 address 0

tmd(68012900): status 0 length 0 address 0

tmd(68012908): status 0 length 0 address 0

tmd(68012910): status 0 length 0 address 0

tmd(68012918): status 0 length 0 address 0

tmd(68012920): status 0 length 0 address 0

tmd(68012928): status 2000 length 0 address 0 tx_limited=1(2)

SCC GENERAL PARAMETER RAM (at 0x68013C00)

Rx BD Base [RBASE]=0x2830, Fn Code [RFCR]=0x18

Tx BD Base [TBASE]=0x28B0, Fn Code [TFCR]=0x18

Max Rx Buff Len [MRBLR]=1548

Rx State [RSTATE]=0x0, BD Ptr [RBPTR]=0x2830

Tx State [TSTATE]=0x4000, BD Ptr [TBPTR]=0x28B0

SCC HDLC PARAMETER RAM (at 0x68013C38)

LuoC2811A#show controllers serial 0/0/0 //查看是DCE还是DTE接口

Interface Serial0/0/0

Hardware is PowerQUICC MPC860

DTE V.35 TX and RX clocks detected

idb at 0x81081AC4, driver data structure at 0x81084AC0

SCC Registers:

General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8 Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00 Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E Interrupt Registers:

Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000

Mask [CIMR]=0x00200000, In-srv [CISR]=0x00000000 Command register [CR]=0x580

Port A [PADIR]=0x1030, [PAPAR]=0xFFFF

[PAODR]=0x0010, [PADAT]=0xCBFF

Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E

[PBODR]=0x00000, [PBDAT]=0x3FFFD

Port C [PCDIR]=0x00C, [PCPAR]=0x200

4

[PCSO]=0xC20, [PCDAT]=0xDF2, [PCINT]=0x00F

Receive Ring

rmd(68012830): status 9000 length 60C address 3B6DAC4

rmd(68012838): status B000 length 60C address 3B6D444

Transmit Ring

tmd(680128B0): status 0 length 0 address 0

tmd(680128B8): status 0 length 0 address 0

【提示】路由器C2811B红色框中显示为DCE类型,因此要在路由器C2811B上设置时钟频率。

//在路由器C2811B设置时钟频率

LuoC2811B(config)#interface serial 0/0/0

LuoC2811B(config-if)#clock rate 64000

(5)配置完时钟频率后,在路由器上相互ping对方IP地址,看能否ping通。再用show interface Serial 0/0/0 查看接口状态。

(6)参阅教材4.4.4 中内容,分别在C2811A 和C2811B 上配置PPP 协议的PAP 验证,可先进行单向验证(即只有一端配置ppp authentication pap,另外一端配置ppp pap sent-username RouterB_pap password passwordb),然后再进行双向验证。完成验证配置后,两台路由器相

互ping 通。

LuoC2811A#config t

LuoC2811A(config)#username RouterB_pap password passwordb

LuoC2811A(config)#interface serial 0/0/0//简写如前

LuoC2811A(config-if)#ppp authentication pap //简写pp au pa

LuoC2811A(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed

state to down LuoC2811A(config-if)#ppp pap sent-username RouterA_pap password passworda LuoC2811A(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up

LuoC2811B#conf t

LuoC2811B(config)#interface serial 0/0/0

LuoC2811B(config-if)#ppp pap sent-username RouterB_pap password

passwordb LuoC2811B(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up LuoC2811B(config-if)#ppp authentication pap

LuoC2811B(config-if)#

%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down LuoC2811B(config-if)#ex

LuoC2811B(config)#username RouterA_pap password passworda LuoC2811B(config)#ppp authentication pap

5

相关主题
相关文档
最新文档